Privacy and Cookies Notice

PROPERTY LITIGATION ASSOCIATION – PRIVACY AND COOKIES NOTICE

Introduction

We are the Property Litigation Association. You can find further details about us and how to contact us in sections in the ‘Our details’ section below.

This notice explains how we handle personal data about our website visitors and members.

For the purposes of EU data protection law, we are the ‘controller’ of this personal data.

In this notice, “PLA”, “we”, “us” and “our” refer to the Property Litigation Association.

How we use your personal data

Types of personal data we process

The types of personal data we process in the normal course of our business are:

Usage data: data about website visitors’ use of our website and services, such as IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths. This data is collected automatically by our analytics tracking system and uses cookies for this purpose. See ‘Our use of cookies’ section for detail on cookies.
Membership application data: data provided in membership application forms and any cheques included for payment of the membership fee. This will include personal data relating to the applicant, the current PLA members proposing and seconding the applicant’s membership and any individual identified on the cheque.
Account data: data provided by members through online member accounts. This may include billing information (“billing data”) and the member’s phone numbers, email address, social media accounts, information about their career/role, PLA committees they are involved in, region and expertise (“profile data”). Members can add, delete and amend billing data and profile data at any time by logging into their accounts. Any changes made to billing and profile data this way will be recorded by our website and notified to our membership database administrator so that the changes can be reflected in our membership database for the purpose of keeping our membership records up to date. Any changes made to profile data will also automatically be reflected in the profile related to the account.
Publication data: data contained in any content for publication on our website or through our services, which might include the name and organisation of the person submitting the content and any personal data included in the content. All publications are made available on publicly accessible areas of our website, although comment features are only available to logged-in members.
Event registration data: data we obtain when a member registers to attend one of our events, including the data requested on our online event registration form.
Correspondence data: information contained in or relating to any communication sent to us, including the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using our web contact form.
Transaction data: we will make and keep records relating to transactions with us, such as payments of annual membership fees and payments to attend chargeable PLA events.
Notification data: information collected in connection with our provision of news, publications and updates relating to the PLA, PLA members and property litigation law and practice to members, such as email addresses and opt-out/unsubscribe requests.

Core processing purposes

The purposes for which we use personal data in the normal course of our activities, the types of personal data we use for those purposes and our legal bases for doing so are set out in the table below. An explanation of what the different legal bases mean can be viewed here.

Purposes of processing	Types of personal data	Legal basis
Analysing use of our website	Usage data	Our legitimate interests in monitoring and improving our website and services for the benefit of all users and members
Considering applicants’ eligibility for membership of PLA	Membership application data	Our legitimate interests in the proper administration of our membership
Requesting and receiving payment of membership fees	Membership application data Billing data	Performance of a contract – payment of the membership fee in return for being a member and receiving the various benefits and services we provide to members.
Maintaining a membership database in order to keep a record of our members and subscriptions	Membership application data Account data (when relevant data is updated by members)	Our legitimate interests in the proper administration of our membership
Creating online accounts for members	Membership application data	Our legitimate interests in restricting access to, and enabling members to access, member-only areas of our website and providing a means for members to add, delete and rectify information about them so that our records can be kept up to date and so that members can choose what information to make available on their member profile
Creating member profiles for members, which are made available on publicly accessible pages of our website	Membership application data	The legitimate interests of us and PLA members in exchanging relevant information among members of PLA, promoting the listed members’ specialist property litigation skills to the wider property industry and others with an interest in property, and acting upon individual members’ expressed wishes to have certain information about them made available to the public and other members.
Inviting members to join the PLA LinkedIn group	Membership application data
Maintaining member profiles	Profile data
Publishing content on our website at the request of members, such as articles, blogs, conference papers, updates and comments	Publication data	Our legitimate interests and those of our members in providing a network for the exchange of information among PLA members and promoting specialist property litigation skills within the property industry and among others with an interest in property
Administering and organising events, including: · communicating with attendees in relation to their attendance at the event · creating a ‘who’s coming’ list for the relevant event listing on our website · sending a list of attendees to the event organizer and attendees at the event	Event registration data	The legitimate interests of us and our members in providing and attending events that enable the exchange of information among PLA members and provide training and education in property litigation
Requesting and receiving payment of fees for chargeable PLA events	Event registration data Billing data	Performance of a contract – payment to attend the event
Communicating with PLA members, website users and others and keeping records of such communications	Correspondence data	Our legitimate interests in the proper administration of our website and business and communications with PLA members, website users and others
Keeping records of our transactions with members	Transaction data	Our legitimate interests in keeping records of transactions for the proper administration of our business and for complying with legal obligations to retain records of transactions (such as in relation to VAT).
Sending recent news, publications and updates relating to the PLA, PLA members and property litigation law and practice to our members	Notification data Membership application data (email address) Account data (email address)	The legitimate interests of us and our membership in enabling members to stay up-to-date with property litigation news and developments, which is one of the main benefits of being a PLA member and forms part of our core objects as an organisation

Data we use to send you news, publications and updates:

We use the email address provided in membership application forms, as updated by members from time to time, to send recent news, publications and updates relating to the PLA, PLA members and property litigation law and practice to our members.

We also send PLA members’ names, email addresses and membership number to Globe Business Publishing Ltd (“Globe”) so that they can send a Lexology daily newsfeed of property litigation-related items direct to PLA members. You can choose to stop receiving any of these emails at any time by:

using the unsubscribe facility in our emails and the Lexology emails
contacting the PLA administrator in respect of our emails
contacting Globe by email in respect of the Lexology emails

Other processing purposes

In addition to the core processing activities set out above, we may also process personal data if and to the extent necessary for the following purposes:

Purpose	Legal basis
Establishing, exercising or defending legal claims	Our legitimate interests in defending legal claims brought against us, enforcing claims against others and protecting and asserting our legal rights and the legal rights of you and others
Obtaining or maintaining insurance coverage, managing risks or obtaining professional advice	Our legitimate interests in protecting our business against risks
Compliance with a legal obligation such as a statutory or regulatory obligation or an order of a court, government body or regulator.	Compliance with a legal obligation
In order to protect your vital interests or the vital interests of another natural person	Protection of vital interests

Explanation of legal bases

It is only lawful to process personal data if there is a legal basis for doing it. Below is an explanation of the legal bases referred to in this notice.

Legitimate interests: processing of personal data is necessary for the purposes of the legitimate interests of us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms

Performance of a contract: processing of personal data is necessary for the performance of a contract with an individual or in order to take steps at the request of an individual prior to entering into a contract

Compliance with a legal obligation: processing of personal data is necessary for compliance with a legal obligation imposed by UK or EU law

Protection of vital interests: processing is necessary in order to protect the vital interests of you or another individual

Providing personal data to others

We may share the personal data described in this notice with the following categories of recipients, where and to the extent necessary for the purposes described in this notice:

Insurers
Professional advisers: such as lawyers, accountants, consultants
Service providers: we use a number of service providers in connection with the provision of our website and services and our IT infrastructure, which involves those service providers processing some of personal data to the extent necessary to provide the relevant services. We currently use the following providers:

Service provider name	Nature of services	Type of personal data processed
Mary Block	Administration of all PLA business and activity generally	All categories of data described in this notice
Carbonite, Inc.	Cloud-based data backup	All categories of data described in this notice
WPEngine, Inc.	Hosting of the PLA website	All categories of data described in this notice
Tela Ltd	Design and technical support for website	The support provided may involve Tela staff processing data that is available on publicly accessible areas of our website as well as data stored in the databases underlying our website such as account data and data collected by our web contact form
The Rocket Science Group LLC d/b/a MailChimp	Email services	Names and email addresses of PLA members
Globe Business Publishing Ltd (Lexology)	Sending Lexology email newsfeeds to PLA members	Names, email addresses and membership numbers of PLA members
Town & Provincial Seminars Ltd trading as TPS	PLA event organization, publicity and administration in relation to larger PLA events	Names, email addresses, name of firm and contact details of PLA members

Other disclosures:

There may also be circumstances in which we need to share personal data with other organisations or individuals, such as where disclosure is necessary for the purposes set out in the ‘Other processing purposes’ section above.

In all cases, we will only share personal data with such recipients where and to the extent reasonably necessary for the relevant processing purpose and in accordance with applicable data protection law.

International transfers of your personal data

This section describes the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

The hosting facilities for our website are provided by WPEngine, Inc. and situated in the United Kingdom. However, our use of WPEngine services may involve processing of personal data obtained and made available via our website in various countries outside the EEA. WPEngine, Inc. participates in the EU-U.S. Privacy Shield and its registration can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000TOS9AAO&status=Active

The backup for our membership database is provided by Carbonite, Inc., and the backups may be stored in various countries around the world, including countries outside the EEA. Carbonite, Inc. participates in the EU-U.S. Privacy Shield and its registration can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000TNCcAAO&status=Active

Our use of MailChimp to send emails involves a transfer of our members’ names and email addresses to various countries outside the EEA. MailChimp participates in the EU-U.S. Privacy Shield and its registration can be viewed here: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active .

You acknowledge that personal data contained in or associated with content that you submit for publication through our website or services, including your member profile, may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

Explanation of EU-U.S. Privacy Shield: this is an adequacy decision of the European Commission in respect of the transfer and subsequent processing of personal data to and by organisations in the U.S. who self-certify their compliance with the Privacy Shield Framework Principles contained in Annex II to the European Commission Implementing Decision (EU) 2016/1250 of 12 July 2016. Further information can be found on the Privacy Shield website: https://www.privacyshield.gov/welcome and in the ICO guidance: https://ico.org.uk/media/for-organisations/documents/2014413/data-transfers-to-the-us-and-privacy-shield.pdf.

Retaining and deleting personal data

In this section we describe our data retention policies and procedures.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain personal data as follows:

usage data: we do not store the usage data itself or have access to data that enables us to identify individuals, but have ongoing access to aggregated statistical reports about the use of our website via our Google account dashboard.
membership application data: paper copies of the application form are destroyed once the individual is approved as a member and digital copies will be retained for as long as the individual remains a member. Data copied from the form into our membership database will be retained until the end of the last subscription year in which an individual remains a member in our ‘live’ database, and for a further 3 years in our ‘archive’ database, after which it will be deleted.
account registration data, billing data and account data: we will delete member profiles once an individual ceases to be a PLA member. The data stored in member accounts will be deleted at the end of the last subscription year in which the relevant individual is a member or earlier if the relevant individual so requests. Members can delete any of the data from their accounts at any time by logging into their accounts and amending the details themselves. Any account data or billing data copied from an account into our membership database will be retained until the end of the last subscription year in which an individual remains a member in our ‘live’ database, and for a further 3 years in our ‘archive’ database, after which it will be deleted.
publication data: this will remain accessible on the PLA website unless and until any person identified in the published content asks us to remove any publication data relating to them.
event registration data: event registration forms will be destroyed after the event, although attendee details in the ‘who’s coming’ section of the event listing will remain available on the website.
correspondence data: the data collected by our web contact form will be deleted after 3 years.
transaction data will be retained for 7 years after the transaction.
notification data: we will stop using your notification data to send you notification emails when you cease being a PLA member or unsubscribe from receiving these emails or tell us you don’t wish to receive them anymore. However, we and Lexology will retain your email address on a ‘suppression list’ to ensure that we comply with any unsubscribe/opt-out request from you. Where your email address has been copied onto our membership database, it will be retained until the end of the last subscription year in which you remain a member in our ‘live’ database, and for a further 3 years in our ‘archive’ database, after which it will be deleted.

These retention periods are subject to any longer retention periods that may be necessary for compliance with a legal obligation to which we are subject, protecting your vital interests or the vital interests of another natural person or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Security of personal data

We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You should ensure that the password you use to access your account is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping your password confidential and we will not ask you for your password (except when you log in to our website).

Your rights

You have a number of different rights you might be able exercise against us in relation to personal data about you that we process. These are rights to:

access, obtain rectification or erasure, restrict processing and object to processing of your personal data
have your personal data ‘ported’ to you or another organisation
complain to a supervisory authority about our processing of your personal data
withdraw consent to our processing of your personal (where you have given consent)

The availability of these rights varies depending on the legal basis that we rely on for processing the relevant personal data. Below we have summarised these rights and explained how you can request to exercise them.

Access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing that the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Rectification: You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. We may need to verify the accuracy of the new data you provide to us.

Erasure: You have the right to the erasure of your personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which we collected or otherwise processed them, you successfully object to our processing, you object to our use of your personal data for direct marketing purposes, we have processed your personal data unlawfully, or an applicable law requires the relevant personal data to be erased. However, there are exclusions to the right to erasure, including where we have overriding legitimate grounds to continue processing the relevant personal data or are required to do so by applicable law or where we need it to establish, exercise or defend a legal claim.

Restriction: You have the right to restrict our processing of your personal data where you contest the accuracy of the personal data, our processing is unlawful, we no longer need the personal data for our purposes but you require it to establish, exercise or defend a legal claim, or you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it to establish, exercise or defend a legal claim, to protect the rights of another natural or legal person or for reasons of important public interest or with your consent.

Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis for the processing. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Object to processing for direct marketing purposes: You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes).

Data portability: where our processing of your personal data is based on performance of a contract and is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Complain to a supervisory authority: If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Withdraw consent: where any of our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

How to exercise these rights against us: You can exercise any of your rights in relation to your personal data that require any action by us by contacting us using any of the contact details displayed on our website contact page.

How to complain to a supervisory authority: To make a complaint to a supervisory authority, you may contact the supervisory authority of your choice using contact details made available by that supervisory authority. Relevant contact details for the UK supervisory authority, the ICO, can be found here: https://ico.org.uk/concerns/.

Third party websites

Our website may include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Updating your information

Members can add, delete and amend their billing and profile data at any time by logging into their account. Any changes made to billing and profile data this way will be recorded by our website and notified to our membership database administrator so that the changes can be reflected in our membership database. Any changes made to profile data this way will also automatically be reflected in the member profile related to the account, enabling members to control what information is visible in their member profile.

If any personal data that we hold about you needs to be corrected or updated, please let us know, or use your account to do so yourself.

Our use of cookies

What is a cookie?

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by our web server to your web browser when you visit our website and is stored by your browser. The identifier is then sent back to our server each time your browser requests a page from our server

Cookies are either “persistent” cookies or “session” cookies: a persistent cookie will be stored by your web browser and remain valid until its set expiry date, unless deleted by you before the expiry date; a session cookie, on the other hand, will expire when you close your web browser.

Cookies do not typically contain any information that personally identifies a website user, but we might theoretically be able to identify individuals by linking any personal data we already have with information stored in and obtained from cookies.

Cookies that we use on our website:

Category

Purpose

Relevant cookies

Expiry

First or third party

analysis

to help us to analyse the use and performance of our website and services

_ga

_gat

_gid

session

Third party (Google)

cookie consent

to check whether your web browser is set to allow or reject cookies

_wordpress_test_cookie

session

Third party (WordPress)

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create aggregated statistical reports about the use of our website, which Google makes available to us. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.

Managing cookies

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Blocking all cookies will have a negative impact upon the usability of many websites, and if you block cookies, you will not be able to use all the features on our website.

Our details

We are the Property Litigation Association, a company limited by guarantee registered in England and Wales (company number 05364420) with its registered address at One Fleet Place, London, England, EC4M 7WS.

We are not registered as a data controller with the UK Information Commissioner’s Office because we only carry out exempt processing as a not-for-profit body, as set out in The Data Protection (Charges and Information) Regulations 2018 (paragraph 2(2)(g) of the Schedule).

You can contact us using any contact details published on our website from time to time.

Amendments to this notice

We may update this notice from time to time by publishing a new version on our website and, where any changes materially affect you, we will also make reasonable efforts to notify you.

10 July 2018

Not a member?